This page explains how CoreDNS and the Nginx-Ingress controller work within RKE2.
Refer to the Installation Network Options page for details on Canal configuration options, or how to set up your own CNI.
For information on which ports need to be opened for RKE2, refer to the Installation Requirements.
CoreDNS is deployed by default when starting the server. To disable it, run each server with the disable: rke2-coredns option in your configuration file.
If you don't install CoreDNS, you will need to install a cluster DNS provider yourself.
NodeLocal DNSCache improves performance by running a DNS caching agent on each node. To activate this feature, apply the following HelmChartConfig:

```yaml
---
apiVersion: helm.cattle.io/v1
kind: HelmChartConfig
metadata:
  name: rke2-coredns
  namespace: kube-system
spec:
  valuesContent: |-
    nodelocal:
      enabled: true
```
Note that NodeLocal DNSCache must be deployed in ipvs mode if kube-proxy is using that mode. To deploy it in this mode, apply the following HelmChartConfig:
```yaml
---
apiVersion: helm.cattle.io/v1
kind: HelmChartConfig
metadata:
  name: rke2-coredns
  namespace: kube-system
spec:
  valuesContent: |-
    nodelocal:
      enabled: true
      ipvs: true
```
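The ipvs requirement above, as an added example that is not part of the RKE2 documentation: a shell check that reads an RKE2 configuration file, decides whether kube-proxy is set to IPVS, and renders or verifies the matching rke2-coredns HelmChartConfig. It assumes IPVS is requested through a kube-proxy-arg entry containing proxy-mode=ipvs; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: keep the NodeLocal DNSCache manifest consistent with kube-proxy.
# Assumption: IPVS is requested via a kube-proxy-arg entry containing
# "proxy-mode=ipvs" in the RKE2 configuration file given as an argument.

# Print "ipvs" if the config file requests IPVS mode for kube-proxy, else "other".
kube_proxy_mode() {
    # Drop comment lines first so a commented-out setting is not counted.
    if grep -v '^[[:space:]]*#' "$1" 2>/dev/null | grep -q 'proxy-mode=ipvs'; then
        echo ipvs
    else
        echo other
    fi
}

# Print the HelmChartConfig from this page that matches the given mode.
render_nodelocal_config() {
    cat <<'EOF'
---
apiVersion: helm.cattle.io/v1
kind: HelmChartConfig
metadata:
  name: rke2-coredns
  namespace: kube-system
spec:
  valuesContent: |-
    nodelocal:
      enabled: true
EOF
    if [ "$1" = ipvs ]; then
        echo '      ipvs: true'
    fi
}

# Return non-zero when kube-proxy is in IPVS mode but the manifest that enables
# NodeLocal DNSCache does not set "ipvs: true".
check_nodelocal_manifest() {
    [ "$(kube_proxy_mode "$1")" = ipvs ] || return 0
    grep -v '^[[:space:]]*#' "$2" |
        grep -Eq '^[[:space:]]*ipvs:[[:space:]]*true[[:space:]]*$'
}
```

Call check_nodelocal_manifest with the configuration file and the manifest path before applying the manifest; a non-zero exit status means the manifest lacks the ipvs setting.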
Nginx Ingress Controller
nginx-ingress is an Ingress controller powered by NGINX that uses a ConfigMap to store the NGINX configuration.
nginx-ingress is deployed by default when starting the server. Ports 80 and 443 will be bound by the ingress controller in its default configuration, making these unusable for HostPort or NodePort services in the cluster.
Configuration options can be specified by creating a HelmChartConfig manifest to customize the rke2-ingress-nginx HelmChart values. For example, a HelmChartConfig at /var/lib/rancher/rke2/server/manifests/rke2-ingress-nginx-config.yaml with the following contents sets use-forwarded-headers to "true" in the ConfigMap storing the NGINX config:

```yaml
# /var/lib/rancher/rke2/server/manifests/rke2-ingress-nginx-config.yaml
---
apiVersion: helm.cattle.io/v1
kind: HelmChartConfig
metadata:
  name: rke2-ingress-nginx
  namespace: kube-system
spec:
  valuesContent: |-
    controller:
      config:
        use-forwarded-headers: "true"
```
To disable the NGINX ingress controller, start each server with the disable: rke2-ingress-nginx option in your configuration file.
Nodes Without a Hostname
Some cloud providers, such as Linode, will create machines with "localhost" as the hostname, and others may not have a hostname set at all. This can cause problems with domain name resolution. You can run RKE2 with the node-name parameter, which passes the node name and resolves this issue.